----- Original Message -----
> From: "Robin Lee Powell" <rlpowell@xxxxxxxxxxxxxxxxxx>
> To: selinux@xxxxxxxxxxxxxxxxxxxxxxx
> Sent: Monday, July 27, 2015 6:05:51 PM
> Subject: Conflict between local module and local fcontext
>
>
> So I have a custom module that includes:
>
> type lojban_logger_t;
> type lojban_logger_exec_t;
>
> application_domain( lojban_logger_t, lojban_logger_exec_t)
> init_daemon_domain(lojban_logger_t, lojban_logger_exec_t)
>
> (not sure if those are redundant?) and:
>
> /srv/lojban/irclogs(/.*)? system_u:object_r:lojban_logger_t:s0
>
> I've made a variety of changes with "semodule fcontext", including:
>
> /srv/lojban system_u:object_r:httpd_user_content_t:s0
> /srv/lojban(/.*)? system_u:object_r:httpd_user_content_t:s0
>
> As a result, the changes in my module are ignored, and the files
> end up with httpd_user_content_t
>
> So I tried:
>
> $ sudo semanage fcontext -a -t lojban_logger_t '/srv/lojban/irclogs(/.*)?'
> ValueError: Type lojban_logger_t is invalid, must be a file or device type
>
> Uhh.
>
> I guess this means that the custom module's types can't be seen by
> semanage?
>
> So, what's the correct solution here?
>

1) Define a new type that is usable for log files in the .te

type logjban_logger_log_t;
logging_log_type(logjban_logger_log_t)

2) Add this label to the path in the .fc

/srv/lojban/irclogs(/.*)? system_u:object_r:logjban_logger_log_t:s0

> --
> http://intelligence.org/ : Our last, best hope for a fantastic future.
> .i ko na cpedu lo nu stidi vau loi jbopre .i dafsku lu na go'i li'u .e
> lu go'i li'u .i ji'a go'i lu na'e go'i li'u .e lu go'i na'i li'u .e
> lu no'e go'i li'u .e lu to'e go'i li'u .e lu lo mamta be do cu sofybakni li'u
> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux

--
Simon Sekidde * Red Hat, Inc. * Westford, MA
gpg: 5848 958E 73BA 04D3 7C06 F096 1BA1 2DBF 94BC 377E